Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/electron@40.6.0
Typenpm
Namespace
Nameelectron
Version40.6.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version40.8.5
Latest_non_vulnerable_version42.0.0-alpha.5
Affected_by_vulnerabilities
0
url VCID-2h5f-hwjw-77dp
vulnerability_id VCID-2h5f-hwjw-77dp
summary electron: Electron: Context Isolation bypass via VideoFrame object transfer
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34780.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34780.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34780
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01878
published_at 2026-06-09T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.019
published_at 2026-06-05T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01905
published_at 2026-06-06T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01897
published_at 2026-06-07T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01884
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34780
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-jfqg-hf23-qpw2
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:13Z/
url https://github.com/electron/electron/security/advisories/GHSA-jfqg-hf23-qpw2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34780
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34780
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455020
reference_id 2455020
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455020
6
reference_url https://github.com/advisories/GHSA-jfqg-hf23-qpw2
reference_id GHSA-jfqg-hf23-qpw2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfqg-hf23-qpw2
fixed_packages
0
url pkg:npm/electron@40.7.0
purl pkg:npm/electron@40.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-egxx-avtf-ekah
4
vulnerability VCID-j8e6-q6j5-tyf8
5
vulnerability VCID-jy1k-8gy7-pkb7
6
vulnerability VCID-p1m4-3gu6-zffw
7
vulnerability VCID-pjqf-nps2-7yhc
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-t1uc-59dn-j3gd
10
vulnerability VCID-wfx6-9nh3-quar
11
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0
1
url pkg:npm/electron@41.0.0-beta.8
purl pkg:npm/electron@41.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-5w4g-q3st-m7hf
4
vulnerability VCID-egxx-avtf-ekah
5
vulnerability VCID-j8e6-q6j5-tyf8
6
vulnerability VCID-jy1k-8gy7-pkb7
7
vulnerability VCID-p1m4-3gu6-zffw
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8
aliases CVE-2026-34780, GHSA-jfqg-hf23-qpw2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2h5f-hwjw-77dp
1
url VCID-2kk5-3p41-kycs
vulnerability_id VCID-2kk5-3p41-kycs
summary electron: Electron: Protocol handler hijacking via improper validation of protocol names
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34773
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06644
published_at 2026-06-09T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06694
published_at 2026-06-05T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06698
published_at 2026-06-06T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06684
published_at 2026-06-07T12:55:00Z
4
value 0.00023
scoring_system epss
scoring_elements 0.06642
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34773
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:03:47Z/
url https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34773
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34773
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455025
reference_id 2455025
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455025
6
reference_url https://github.com/advisories/GHSA-mwmh-mq4g-g6gr
reference_id GHSA-mwmh-mq4g-g6gr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwmh-mq4g-g6gr
fixed_packages
0
url pkg:npm/electron@40.8.1
purl pkg:npm/electron@40.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
4
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1
1
url pkg:npm/electron@41.0.0
purl pkg:npm/electron@41.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0
aliases CVE-2026-34773, GHSA-mwmh-mq4g-g6gr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2kk5-3p41-kycs
2
url VCID-3wxh-7cvs-g3et
vulnerability_id VCID-3wxh-7cvs-g3et
summary Electron: Electron: Arbitrary code execution and security bypass via undocumented command-line switches
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34769
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01631
published_at 2026-06-09T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01636
published_at 2026-06-05T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01643
published_at 2026-06-06T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01642
published_at 2026-06-07T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01634
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34769
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:34:49Z/
url https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34769
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34769
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455004
reference_id 2455004
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455004
6
reference_url https://github.com/advisories/GHSA-9wfr-w7mm-pc7f
reference_id GHSA-9wfr-w7mm-pc7f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9wfr-w7mm-pc7f
fixed_packages
0
url pkg:npm/electron@40.7.0
purl pkg:npm/electron@40.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-egxx-avtf-ekah
4
vulnerability VCID-j8e6-q6j5-tyf8
5
vulnerability VCID-jy1k-8gy7-pkb7
6
vulnerability VCID-p1m4-3gu6-zffw
7
vulnerability VCID-pjqf-nps2-7yhc
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-t1uc-59dn-j3gd
10
vulnerability VCID-wfx6-9nh3-quar
11
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0
1
url pkg:npm/electron@41.0.0-beta.8
purl pkg:npm/electron@41.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-5w4g-q3st-m7hf
4
vulnerability VCID-egxx-avtf-ekah
5
vulnerability VCID-j8e6-q6j5-tyf8
6
vulnerability VCID-jy1k-8gy7-pkb7
7
vulnerability VCID-p1m4-3gu6-zffw
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8
aliases CVE-2026-34769, GHSA-9wfr-w7mm-pc7f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wxh-7cvs-g3et
3
url VCID-4u89-87dg-zqdt
vulnerability_id VCID-4u89-87dg-zqdt
summary Electron: Electron: Information disclosure via crafted second-instance message
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34776
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01706
published_at 2026-06-09T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01714
published_at 2026-06-05T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.0172
published_at 2026-06-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01712
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34776
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:31:24Z/
url https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34776
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34776
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455021
reference_id 2455021
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455021
6
reference_url https://github.com/advisories/GHSA-3c8v-cfp5-9885
reference_id GHSA-3c8v-cfp5-9885
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3c8v-cfp5-9885
fixed_packages
0
url pkg:npm/electron@40.8.1
purl pkg:npm/electron@40.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
4
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1
1
url pkg:npm/electron@41.0.0
purl pkg:npm/electron@41.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0
aliases CVE-2026-34776, GHSA-3c8v-cfp5-9885
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4u89-87dg-zqdt
4
url VCID-5cmc-cnnq-xyhw
vulnerability_id VCID-5cmc-cnnq-xyhw
summary Electron: Electron: Denial of Service via malformed clipboard image data
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34781
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00316
published_at 2026-06-09T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00323
published_at 2026-06-05T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00324
published_at 2026-06-06T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.00318
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34781
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287
4
reference_url https://github.com/electron/electron/pull/50475
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/50475
5
reference_url https://github.com/electron/electron/releases/tag/v39.8.5
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v39.8.5
6
reference_url https://github.com/electron/electron/releases/tag/v40.8.5
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v40.8.5
7
reference_url https://github.com/electron/electron/releases/tag/v41.1.0
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v41.1.0
8
reference_url https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5
9
reference_url https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:10:12Z/
url https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34781
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34781
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456279
reference_id 2456279
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456279
12
reference_url https://github.com/advisories/GHSA-f37v-82c4-4x64
reference_id GHSA-f37v-82c4-4x64
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f37v-82c4-4x64
fixed_packages
0
url pkg:npm/electron@40.8.5
purl pkg:npm/electron@40.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5
1
url pkg:npm/electron@41.1.0
purl pkg:npm/electron@41.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0
2
url pkg:npm/electron@42.0.0-alpha.5
purl pkg:npm/electron@42.0.0-alpha.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5
aliases CVE-2026-34781, GHSA-f37v-82c4-4x64
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cmc-cnnq-xyhw
5
url VCID-5w4g-q3st-m7hf
vulnerability_id VCID-5w4g-q3st-m7hf
summary Electron: Electron: Memory corruption and crash due to use-after-free in offscreen rendering
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34774
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05524
published_at 2026-06-09T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05536
published_at 2026-06-05T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05519
published_at 2026-06-06T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05518
published_at 2026-06-07T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05478
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34774
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:28:41Z/
url https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34774
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34774
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455026
reference_id 2455026
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455026
6
reference_url https://github.com/advisories/GHSA-532v-xpq5-8h95
reference_id GHSA-532v-xpq5-8h95
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-532v-xpq5-8h95
fixed_packages
0
url pkg:npm/electron@40.7.0
purl pkg:npm/electron@40.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-egxx-avtf-ekah
4
vulnerability VCID-j8e6-q6j5-tyf8
5
vulnerability VCID-jy1k-8gy7-pkb7
6
vulnerability VCID-p1m4-3gu6-zffw
7
vulnerability VCID-pjqf-nps2-7yhc
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-t1uc-59dn-j3gd
10
vulnerability VCID-wfx6-9nh3-quar
11
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0
1
url pkg:npm/electron@41.0.0
purl pkg:npm/electron@41.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0
aliases CVE-2026-34774, GHSA-532v-xpq5-8h95
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5w4g-q3st-m7hf
6
url VCID-6vad-u5vg-dba5
vulnerability_id VCID-6vad-u5vg-dba5
summary Electron: Electron: Unauthorized USB device access via select-usb-device event callback validation bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34766
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01082
published_at 2026-06-09T12:55:00Z
1
value 9e-05
scoring_system epss
scoring_elements 0.01087
published_at 2026-06-07T12:55:00Z
2
value 9e-05
scoring_system epss
scoring_elements 0.01081
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34766
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:01Z/
url https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34766
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34766
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454998
reference_id 2454998
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454998
6
reference_url https://github.com/advisories/GHSA-9899-m83m-qhpj
reference_id GHSA-9899-m83m-qhpj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9899-m83m-qhpj
fixed_packages
0
url pkg:npm/electron@40.7.0
purl pkg:npm/electron@40.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-egxx-avtf-ekah
4
vulnerability VCID-j8e6-q6j5-tyf8
5
vulnerability VCID-jy1k-8gy7-pkb7
6
vulnerability VCID-p1m4-3gu6-zffw
7
vulnerability VCID-pjqf-nps2-7yhc
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-t1uc-59dn-j3gd
10
vulnerability VCID-wfx6-9nh3-quar
11
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0
1
url pkg:npm/electron@41.0.0-beta.8
purl pkg:npm/electron@41.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-5w4g-q3st-m7hf
4
vulnerability VCID-egxx-avtf-ekah
5
vulnerability VCID-j8e6-q6j5-tyf8
6
vulnerability VCID-jy1k-8gy7-pkb7
7
vulnerability VCID-p1m4-3gu6-zffw
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8
aliases CVE-2026-34766, GHSA-9899-m83m-qhpj
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6vad-u5vg-dba5
7
url VCID-df1y-n1s8-x3g4
vulnerability_id VCID-df1y-n1s8-x3g4
summary Electron: Electron: Use-after-free vulnerability leads to memory corruption or crash
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34772
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02806
published_at 2026-06-09T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02901
published_at 2026-06-05T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02908
published_at 2026-06-06T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02855
published_at 2026-06-07T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02839
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34772
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:27:31Z/
url https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34772
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34772
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455005
reference_id 2455005
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455005
6
reference_url https://github.com/advisories/GHSA-9w97-2464-8783
reference_id GHSA-9w97-2464-8783
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9w97-2464-8783
fixed_packages
0
url pkg:npm/electron@40.7.0
purl pkg:npm/electron@40.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-egxx-avtf-ekah
4
vulnerability VCID-j8e6-q6j5-tyf8
5
vulnerability VCID-jy1k-8gy7-pkb7
6
vulnerability VCID-p1m4-3gu6-zffw
7
vulnerability VCID-pjqf-nps2-7yhc
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-t1uc-59dn-j3gd
10
vulnerability VCID-wfx6-9nh3-quar
11
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0
1
url pkg:npm/electron@41.0.0-beta.7
purl pkg:npm/electron@41.0.0-beta.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2h5f-hwjw-77dp
1
vulnerability VCID-2kk5-3p41-kycs
2
vulnerability VCID-3wxh-7cvs-g3et
3
vulnerability VCID-4u89-87dg-zqdt
4
vulnerability VCID-5cmc-cnnq-xyhw
5
vulnerability VCID-5w4g-q3st-m7hf
6
vulnerability VCID-6vad-u5vg-dba5
7
vulnerability VCID-egxx-avtf-ekah
8
vulnerability VCID-j8e6-q6j5-tyf8
9
vulnerability VCID-jy1k-8gy7-pkb7
10
vulnerability VCID-p1m4-3gu6-zffw
11
vulnerability VCID-pjqf-nps2-7yhc
12
vulnerability VCID-qs5f-9ftk-fben
13
vulnerability VCID-t1uc-59dn-j3gd
14
vulnerability VCID-wfx6-9nh3-quar
15
vulnerability VCID-x7he-eg8d-g7hj
16
vulnerability VCID-zzcf-uus6-rqa8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7
aliases CVE-2026-34772, GHSA-9w97-2464-8783
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-df1y-n1s8-x3g4
8
url VCID-egxx-avtf-ekah
vulnerability_id VCID-egxx-avtf-ekah
summary Electron: Electron: Unauthorized permission granting and information disclosure via incorrect iframe origin
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34777
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00381
published_at 2026-06-09T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00385
published_at 2026-06-05T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00387
published_at 2026-06-06T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.00382
published_at 2026-06-07T12:55:00Z
4
value 6e-05
scoring_system epss
scoring_elements 0.0038
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34777
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:32:48Z/
url https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34777
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34777
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455022
reference_id 2455022
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455022
6
reference_url https://github.com/advisories/GHSA-r5p7-gp4j-qhrx
reference_id GHSA-r5p7-gp4j-qhrx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r5p7-gp4j-qhrx
fixed_packages
0
url pkg:npm/electron@40.8.1
purl pkg:npm/electron@40.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
4
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1
1
url pkg:npm/electron@41.0.0
purl pkg:npm/electron@41.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0
aliases CVE-2026-34777, GHSA-r5p7-gp4j-qhrx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egxx-avtf-ekah
9
url VCID-j8e6-q6j5-tyf8
vulnerability_id VCID-j8e6-q6j5-tyf8
summary electron: Electron: HTTP Response Header Injection via attacker-controlled input
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34767
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01587
published_at 2026-06-09T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.0159
published_at 2026-06-08T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01596
published_at 2026-06-06T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01597
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34767
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:46Z/
url https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34767
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34767
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455000
reference_id 2455000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455000
6
reference_url https://github.com/advisories/GHSA-4p4r-m79c-wq3v
reference_id GHSA-4p4r-m79c-wq3v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p4r-m79c-wq3v
fixed_packages
0
url pkg:npm/electron@40.8.3
purl pkg:npm/electron@40.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-jy1k-8gy7-pkb7
2
vulnerability VCID-qs5f-9ftk-fben
3
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.3
1
url pkg:npm/electron@41.0.3
purl pkg:npm/electron@41.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-jy1k-8gy7-pkb7
2
vulnerability VCID-qs5f-9ftk-fben
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3
aliases CVE-2026-34767, GHSA-4p4r-m79c-wq3v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8e6-q6j5-tyf8
10
url VCID-jy1k-8gy7-pkb7
vulnerability_id VCID-jy1k-8gy7-pkb7
summary Electron: Electron: Memory corruption or crash due to use-after-free in offscreen rendering with shared textures.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34764.json
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34764.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34764
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04825
published_at 2026-06-09T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04855
published_at 2026-06-05T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04845
published_at 2026-06-06T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04835
published_at 2026-06-07T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04796
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34764
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:47:38Z/
url https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34764
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34764
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455466
reference_id 2455466
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455466
6
reference_url https://github.com/advisories/GHSA-8x5q-pvf5-64mp
reference_id GHSA-8x5q-pvf5-64mp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8x5q-pvf5-64mp
fixed_packages
0
url pkg:npm/electron@40.8.5
purl pkg:npm/electron@40.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5
1
url pkg:npm/electron@41.1.0
purl pkg:npm/electron@41.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0
2
url pkg:npm/electron@42.0.0-alpha.5
purl pkg:npm/electron@42.0.0-alpha.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5
aliases CVE-2026-34764, GHSA-8x5q-pvf5-64mp
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jy1k-8gy7-pkb7
11
url VCID-p1m4-3gu6-zffw
vulnerability_id VCID-p1m4-3gu6-zffw
summary Electron: Electron: Integrity issue due to IPC channel spoofing by a service worker
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34778
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00457
published_at 2026-06-08T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00462
published_at 2026-06-05T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00463
published_at 2026-06-06T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.0046
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34778
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:50:39Z/
url https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34778
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34778
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455024
reference_id 2455024
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455024
6
reference_url https://github.com/advisories/GHSA-xj5x-m3f3-5x3h
reference_id GHSA-xj5x-m3f3-5x3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xj5x-m3f3-5x3h
fixed_packages
0
url pkg:npm/electron@40.8.1
purl pkg:npm/electron@40.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
4
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1
1
url pkg:npm/electron@41.0.0
purl pkg:npm/electron@41.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0
aliases CVE-2026-34778, GHSA-xj5x-m3f3-5x3h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1m4-3gu6-zffw
12
url VCID-pjqf-nps2-7yhc
vulnerability_id VCID-pjqf-nps2-7yhc
summary electron: Electron: Arbitrary code execution via unquoted path in Run registry key
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34768
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00322
published_at 2026-06-09T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00328
published_at 2026-06-05T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.0033
published_at 2026-06-06T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.00323
published_at 2026-06-07T12:55:00Z
4
value 6e-05
scoring_system epss
scoring_elements 0.00321
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34768
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:08:45Z/
url https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34768
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34768
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454996
reference_id 2454996
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454996
6
reference_url https://github.com/advisories/GHSA-jfqx-fxh3-c62j
reference_id GHSA-jfqx-fxh3-c62j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfqx-fxh3-c62j
fixed_packages
0
url pkg:npm/electron@40.8.0
purl pkg:npm/electron@40.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-egxx-avtf-ekah
4
vulnerability VCID-j8e6-q6j5-tyf8
5
vulnerability VCID-jy1k-8gy7-pkb7
6
vulnerability VCID-p1m4-3gu6-zffw
7
vulnerability VCID-qs5f-9ftk-fben
8
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0
1
url pkg:npm/electron@41.0.0-beta.8
purl pkg:npm/electron@41.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-5w4g-q3st-m7hf
4
vulnerability VCID-egxx-avtf-ekah
5
vulnerability VCID-j8e6-q6j5-tyf8
6
vulnerability VCID-jy1k-8gy7-pkb7
7
vulnerability VCID-p1m4-3gu6-zffw
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8
aliases CVE-2026-34768, GHSA-jfqx-fxh3-c62j
risk_score 1.8
exploitability 0.5
weighted_severity 3.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjqf-nps2-7yhc
13
url VCID-qs5f-9ftk-fben
vulnerability_id VCID-qs5f-9ftk-fben
summary electron: Electron: Arbitrary code execution or information disclosure via incorrect window handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34765
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07544
published_at 2026-06-09T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07595
published_at 2026-06-05T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07605
published_at 2026-06-06T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07583
published_at 2026-06-07T12:55:00Z
4
value 0.00025
scoring_system epss
scoring_elements 0.07535
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34765
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/releases/tag/v39.8.5
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v39.8.5
4
reference_url https://github.com/electron/electron/releases/tag/v40.8.5
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v40.8.5
5
reference_url https://github.com/electron/electron/releases/tag/v41.1.0
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v41.1.0
6
reference_url https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5
7
reference_url https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/
url https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34765
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34765
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456278
reference_id 2456278
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456278
10
reference_url https://github.com/advisories/GHSA-f3pv-wv63-48x8
reference_id GHSA-f3pv-wv63-48x8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3pv-wv63-48x8
fixed_packages
0
url pkg:npm/electron@40.8.5
purl pkg:npm/electron@40.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5
1
url pkg:npm/electron@41.1.0
purl pkg:npm/electron@41.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0
2
url pkg:npm/electron@42.0.0-alpha.5
purl pkg:npm/electron@42.0.0-alpha.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5
aliases CVE-2026-34765, GHSA-f3pv-wv63-48x8
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs5f-9ftk-fben
14
url VCID-t1uc-59dn-j3gd
vulnerability_id VCID-t1uc-59dn-j3gd
summary 
Electron: Use-after-free in PowerMonitor on Windows and macOS
### Impact
Apps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.

All apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.

### Workarounds
There are no app side workarounds, you must update to a patched version of Electron.

### Fixed Versions
* `41.0.0-beta.8`
* `40.8.0`
* `39.8.1`
* `38.8.6`

### For more information
If there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34770
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02855
published_at 2026-06-07T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02806
published_at 2026-06-09T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02839
published_at 2026-06-08T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02901
published_at 2026-06-05T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02908
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34770
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T19:09:58Z/
url https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34770
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34770
4
reference_url https://github.com/advisories/GHSA-jjp3-mq3x-295m
reference_id GHSA-jjp3-mq3x-295m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjp3-mq3x-295m
fixed_packages
0
url pkg:npm/electron@40.8.0
purl pkg:npm/electron@40.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-egxx-avtf-ekah
4
vulnerability VCID-j8e6-q6j5-tyf8
5
vulnerability VCID-jy1k-8gy7-pkb7
6
vulnerability VCID-p1m4-3gu6-zffw
7
vulnerability VCID-qs5f-9ftk-fben
8
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0
1
url pkg:npm/electron@41.0.0-beta.8
purl pkg:npm/electron@41.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-5w4g-q3st-m7hf
4
vulnerability VCID-egxx-avtf-ekah
5
vulnerability VCID-j8e6-q6j5-tyf8
6
vulnerability VCID-jy1k-8gy7-pkb7
7
vulnerability VCID-p1m4-3gu6-zffw
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8
aliases CVE-2026-34770, GHSA-jjp3-mq3x-295m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1uc-59dn-j3gd
15
url VCID-wfx6-9nh3-quar
vulnerability_id VCID-wfx6-9nh3-quar
summary 
Electron: AppleScript injection in app.moveToApplicationsFolder on macOS
### Impact
On macOS, `app.moveToApplicationsFolder()` used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt.

Apps are only affected if they call `app.moveToApplicationsFolder()`. Apps that do not use this API are not affected.

### Workarounds
There are no app side workarounds, developers must update to a patched version of Electron.

### Fixed Versions
* `41.0.0-beta.8`
* `40.8.0`
* `39.8.1`
* `38.8.6`

### For more information
If there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34779
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01182
published_at 2026-06-06T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01181
published_at 2026-06-09T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.0118
published_at 2026-06-08T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01183
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34779
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:50Z/
url https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34779
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34779
4
reference_url https://github.com/advisories/GHSA-5rqw-r77c-jp79
reference_id GHSA-5rqw-r77c-jp79
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5rqw-r77c-jp79
fixed_packages
0
url pkg:npm/electron@40.8.0
purl pkg:npm/electron@40.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-egxx-avtf-ekah
4
vulnerability VCID-j8e6-q6j5-tyf8
5
vulnerability VCID-jy1k-8gy7-pkb7
6
vulnerability VCID-p1m4-3gu6-zffw
7
vulnerability VCID-qs5f-9ftk-fben
8
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0
1
url pkg:npm/electron@41.0.0-beta.8
purl pkg:npm/electron@41.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-5w4g-q3st-m7hf
4
vulnerability VCID-egxx-avtf-ekah
5
vulnerability VCID-j8e6-q6j5-tyf8
6
vulnerability VCID-jy1k-8gy7-pkb7
7
vulnerability VCID-p1m4-3gu6-zffw
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8
aliases CVE-2026-34779, GHSA-5rqw-r77c-jp79
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfx6-9nh3-quar
16
url VCID-x7he-eg8d-g7hj
vulnerability_id VCID-x7he-eg8d-g7hj
summary Electron: Electron: Arbitrary code execution and information disclosure due to incorrect Node.js integration scoping
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34775
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02102
published_at 2026-06-09T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02125
published_at 2026-06-05T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02132
published_at 2026-06-06T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02122
published_at 2026-06-07T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02109
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34775
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:52:56Z/
url https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34775
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34775
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455023
reference_id 2455023
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455023
6
reference_url https://github.com/advisories/GHSA-xwr5-m59h-vwqr
reference_id GHSA-xwr5-m59h-vwqr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xwr5-m59h-vwqr
fixed_packages
0
url pkg:npm/electron@40.8.4
purl pkg:npm/electron@40.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-jy1k-8gy7-pkb7
2
vulnerability VCID-qs5f-9ftk-fben
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.4
1
url pkg:npm/electron@41.0.0
purl pkg:npm/electron@41.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5cmc-cnnq-xyhw
1
vulnerability VCID-j8e6-q6j5-tyf8
2
vulnerability VCID-jy1k-8gy7-pkb7
3
vulnerability VCID-qs5f-9ftk-fben
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0
aliases CVE-2026-34775, GHSA-xwr5-m59h-vwqr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7he-eg8d-g7hj
17
url VCID-zzcf-uus6-rqa8
vulnerability_id VCID-zzcf-uus6-rqa8
summary electron: Electron: Memory corruption or application crash via use-after-free in permission request handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34771
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04549
published_at 2026-06-09T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.0459
published_at 2026-06-05T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04577
published_at 2026-06-06T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04564
published_at 2026-06-07T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04529
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34771
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T16:04:11Z/
url https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34771
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34771
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454995
reference_id 2454995
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454995
6
reference_url https://github.com/advisories/GHSA-8337-3p73-46f4
reference_id GHSA-8337-3p73-46f4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8337-3p73-46f4
fixed_packages
0
url pkg:npm/electron@40.7.0
purl pkg:npm/electron@40.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-egxx-avtf-ekah
4
vulnerability VCID-j8e6-q6j5-tyf8
5
vulnerability VCID-jy1k-8gy7-pkb7
6
vulnerability VCID-p1m4-3gu6-zffw
7
vulnerability VCID-pjqf-nps2-7yhc
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-t1uc-59dn-j3gd
10
vulnerability VCID-wfx6-9nh3-quar
11
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0
1
url pkg:npm/electron@41.0.0-beta.8
purl pkg:npm/electron@41.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kk5-3p41-kycs
1
vulnerability VCID-4u89-87dg-zqdt
2
vulnerability VCID-5cmc-cnnq-xyhw
3
vulnerability VCID-5w4g-q3st-m7hf
4
vulnerability VCID-egxx-avtf-ekah
5
vulnerability VCID-j8e6-q6j5-tyf8
6
vulnerability VCID-jy1k-8gy7-pkb7
7
vulnerability VCID-p1m4-3gu6-zffw
8
vulnerability VCID-qs5f-9ftk-fben
9
vulnerability VCID-x7he-eg8d-g7hj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8
aliases CVE-2026-34771, GHSA-8337-3p73-46f4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zzcf-uus6-rqa8
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/electron@40.6.0